It baffles me that you can advertise something as “unlimited” and then impose arbitrary limits after the fact.

I didn’t saw anything on the post that suggests that was the case. They start with a reference to a urgent call for a meeting from cloud flare to discuss specifics on how they were using the hosting provider’s service, which sounds a lot like they were caught hiding behind the host doing abusive things,and afterwards they were explicitly pointed out for doing abusing stuff that violated terms of service and jeopardized the hosting service’s reputation as a good actor.

First communication, because they clearly were confused about what was happening and felt like they didn’t have anyone technical explain it to them and it felt like a sales pitch.

I don’t think that was the case.

The substack post is a one-sided and very partial account, and one that doesn’t pass the smell test. They use an awful lot of weasel worlds and leave about whole accounts on what has been discussed with cloud flare in meetings summoned with a matter of urgency.

Occam’s razor suggests they were intentionally involved in multiple layers of abuse, were told to stop it, ignored all warnings, and once the consequences hit they decided to launch a public attack on their hosting providers.

So is it just Amazon getting hit for this? Or will they be going after the manufacturer as well?

Nowadays it’s hard to tell the difference between Amazon and Ali Express. Even if it’s a third-party dropship business selling through Amazon, it’s still Amazon doing the listing, selling, and transaction processing.

Even if you argue that the same store can sell stuff elsewhere, Amazon is still the one selling those. At best, you’d need to argue that after hitting Amazon, other stores should follow.

appears to be a weak patch.

It’s not a patch. It’s eliminating an attack vector, and the one which is more pervasive and easier to exploit.

Security-minded people pay far more attention to what software you run than what hardware you have.

But we often hear about ‘corporate lobbying’ and you’ve described things mostly carried out by individuals or nonprofits.

No, I’m describing lobbying. The definition of lobbying doesn’t depend on your market capitalization or revenue. A corporation does lobbying, just like unions do and industry representatives and community groups. If you have personal interests and want to raise awareness with stakeholders then you reach out to them.

I mean, Wikipedia’s article on lobbying also refers to it as advocacy. From Wikipedia;

In politics, lobbying or advocacy, is the act of lawfully attempting to influence the actions, policies, or decisions of government officials, most often legislators or members of regulatory agencies, but also judges of the judiciary.

“Attempting to influence” is the operative principle.

And so is “lawfully”. Which is not the same as the corruption you pinned on “Eastern countries”.

I agree that complexity is the problem and I’m avoiding Kubernetes like the plague. I set up a nomad cluster in a few days and it just works, has service discovery, and is perfectly simple to understand.

I think Kubernetes gets a bad rap out of ignorance. You can make it as complex as you want, but you can also keep things trivial and simple if that’s what your aiming for.

Case in point, I operate a Kubernetes cluster with microk8s. I got my nodes up and running in a one-time setup, and after this all I need to do is kubectl apply -k to get my apps deployed and running. Each konfiguration script is trivial too. ingress, services, deployments. That’s it. A docker compose script is far more complex and hard to maintain than that. Where’s the complexity?

Honestly, have you ever gave kubernetes a try? If you did, what exactly did you tried to do? I bet that if you do an honest apples-to-apples comparison with any setup that you believe works, you’ll notice that you’re doing far more work to achieve the same result. This is a given as you’re pointing out nomad of all things as something simple.

Western countries got ‘lobbying’

The term “lobbying” doesn’t mean corruption. It means basically have meetings with stakeholders to discuss issues regarding policy and agenda.

If you hold a meeting with your local city council asking for a crosswalk, you’re engaged in lobbying. If you chat with the local police chief asking for more patrols in some part or another of town, you’re engaged in lobbying.

Now, lobbying might set the stage for corruption. If you’re talking to your city council about the need for a crosswalk and you show a video of cars speeding by an intersection, that’s ok. If instead you tell your city councilman that if he hires your construction company to build that crosswalk then you’ll pay him a wad of cash, that’s corruption.

Lobbying is not corruption. It’s weird how the basis of any democratic system is attacked for being “corruption” to try to justify corruption in corrupt hellholes.

For Signal, no.

There is an argument to make about using custom versions of Signal that route their traffic through your own infrastructure.

This would count as France running their own service.

Given that Signal relies on centralized servers to route traffic, and if I’m not mistaken they use AWS in US instances, this means that your Signal traffic is being fed straight into the US security services’ infrastructure. France might be a staunch ally of the US, but they do go through great lengths to preserve their independence.

I’m not a proponent of any backdoors like this.

I’m not sure you got the gist of what I said. The point I made was that if being the host nation of an organization meant that their government can add backdoors at will, using any foreign service would automatically mean you’d be snooped by external actors.

Regardless of where you stand on whether you want to add your own backdoor or not, by your own logic using a foreign service means your services are already compromised.

If that’s the case, wouldn’t it make sense to simply run your own stuff?

A far better reason not to use WhatsApp is that it is run by Facebook. It was also a primary vector for Pegasus.

Aren’t you doubling down on the government of France’s position?

I mean, the french minister did explicitly stated that “[you] cannot guarantee the security of conversations and information shared via them”.

France wants backdoors into these apps, it’s not a lack of trust thing.

If it’s trivial for a host nation to add backdoors to instant messaging services, you’d be agreeing with the government of France and you’d be pressing to migrate your communication out of the hand of third parties.

To start Europe should have secure phones made in EU.

Doesn’t switching instant messaging services count as a start? Switching hardware is far harder than switching software.

Also, local messaging systems also determine where your traffic goes and who controls that data. If you have a french messaging service with data centers in france routing traffic between people in France, you are in a far better shape.

Ive been paying attention which is why I dont see the communities youre talking about (especially after ive tweaked things).

You’re not paying any attention to what your bot is doing if you aren’t noticing where and what your bot is posting.

If you want it removed from c++ node and cloud I can do that (I assume you do considering what youve been saying so will remove the three communities from the bots sight)

That does not fix the problem you’re creating.

The problem is that your bot is dumping spam onto Lemmy, and apparently you don’t even realize how broken your bot is.

If I wanted to ban your bot from the communities I moderate, I would already have done so. That does not fix the problem though.

I don’t see how it’s reasonable to expect that your misjudgement in deploying a broken bot should be solved by forcing others to cleanup after you, or do extra maintenance work just to avoid the mess you’re creating.

In the very least, your bot should be opt-in, and it should directly cross-post stuff onto the communities that want a bot to generate traffic for them instead of annoying people.

Lastly, if you want additional evidence that your bot is broken by design, here’s the absurd suggestion it posted onto !gamedev@programming.dev triggered by a post with a Godot example.

Do you really believe you’re doing anyone any favor by suggesting to post a Godot C# sample to communities dedicated to the C programming language and .NET?

which communities?

If you’re paying any attention to what your bot is doing, you’ll be aware of which communities it’s triggering and what/how many messages it’s spamming them with.

Nevertheless, again: the problem with your bot is that it’s broken by design. If your goal is to cross-post submissions to related communities, instead of spamming discussions with requests your bot would be cross-posting submissions to related communities. If you did any semblance of requirements gathering, you would also notice that a basic feature of these bots is a) be opt-in, b) stop posting based on community feedback.

for node.js it seems like it was triggering (…)

The problem is not how the bot is triggered. The problem is that the bot is broken by design. Its main output is spamming Lemmy instances with posts that add no value at all.

I mean, haven’t you even noticed that in some communities your bot is posting more messages than the number of daily visitors?

What exactly do you plan to achieve with this?

Please shut down your bot.

The article on c/programming was about postgresql and the article on c/postgresql was about performance.

It really doesn’t matter. It’s really not about the article. It’s about the high volume of spam that you are trying to generate on programming.dev communities without creating any value at all. I mean, your bot is not cross-posting content: it’s spamming communities to get someone else to do the work.

Here’s the latest screwup that your bot is creating (link):

The !nodejs@programming.dev community currently lists 3 active users per month, and your bot spammed it on each new post sent to it asking those 3 active users to cross-post stuff to multiple communities. This is nuts.

Again, please stop with all the spamming. Your bot is the single most damaging thing done to programming.dev since its been launched.

I can’t stress enough how annoying and ill thought out this bot is. I’ve seen the bot react to posts to !programming@programming.dev pointing to !postgresql@programming.dev , and then react to posts to !postgresql@programming.dev to point to !performance@programming.dev. What’s the end goal here? Spam all communities with requests to cross-post stuff to all communities under the sun?

If the goal is to kill Lemmy as a usable service, you’re doing a good job.

Leaving my 0.02$ here:

Please don’t deploy this bot. It’s annoying, it contributes nothing to actually create interesting content for the community to engage, and in fact its main output is spam.

It does more harm than good. Please don’t.

I’d add that if the idea was any good then instead of spamming people left and right, it would suffice to crosspost stuff on target communities.

I imaging trying to be a professional electrical engineer (despite having a degree)

That’s the definition of specious reasoning, and fails to address the point I made.

This might be relevant to the discussion:

https://en.wikipedia.org/wiki/Dunning–Kruger_effect